
When the 2-factor feature was implemented on the Synology, I was thrilled! It was the best thing Synology could have done for the security of its users. The implementation, however, seems to have a design flaw, I feel.

Here is the issue I am facing right now. I set up 2-factor using the Google Authenticator app on my BlackBerry. When my BlackBerry recently received an over-the-air update, it reset my Google Authenticator app for some reason. Due to this, I was using the "lost my phone" link to receive the code over my e-mail. Having done this only a few times to save time, I have now been greeted with the following message:

The account I am trying to log into is the admin account. There was no warning (that I recall) that warned me of running out of code requests via e-mail (Google does warn you when you get close to your limit), therefore I never put the app back on my phone.

If anyone can kindly help me as to how I can get back into my box, that would be awesome. I have a feeling I can still log into it via SSH, however I still don't know exactly what to do next (create new admin account?). Thanks.

I lost power and when my Synology rebooted the 2 factor auth codes from my phone no longer worked. I have 2 factor set up on both admin accounts, I can't log into either. I tried the lost your phone link but the emails never show up.

So now I can't log into DSM!!!!????

I can ssh as root into box, Synology support, how do I disable 2 factor from ssh so that I can get back into dsm???

I haven't tried this myself but I was researching it in case it happened to me.

The help files on the NAS say you can press the reset button on the back of the NAS (note this doesn't wipe the NAS, just resets some of the configuration items including network config, admin password and disables 2-step authentication).

SecurityK wrote: Hey, can any admins/mods verify if there is a solution for us to get back into our Admin account?

This is a big security risk since our admin account is locked due to the limit on the backup codes allowed to be sent. Thanks!

I can validate this works (hit reset button on back for 4 seconds and a beep). It resets password of admin account, disables 2 factor auth for that account, and resets NIC settings but does not touch other accounts granted admin privileges. From admin account you can disable 2-factor on other accounts.

PS the reason 2 factor went bad on mine is because syn system clock was off due to power loss and after a week of uptime, and several reboots did not resync so auth code was always computed wrong. Opening new thread to address this issue.

I agree that there is ZERO warning that there is a limit on 'emergency' codes for 2-factor and there should be. I also hate that there is no way to reset the admin account and *ONLY* the admin account either by some physical button press or through SSH access (as 2-factor settings are not applied to SSH).

Looks like I just have to hit the button and spend the next 15 min resetting all the other settings that are going to get wiped.

/usr/syno/etc/preference/<username>/google_authenticator (you have to grant write access to root user for modification). Now you can add as many 8-digit random codes as you wish, but do not touch the first 4 lines:

I have stored my DSM for about a year and when reconnecting it I am locked out because I installed 2 step authentication and bought a new phone in the meantime. Pressing the 'lost my phone' link does not result in me receiving an emergency login code.
